[Auth] Token doesn't have custom claims after user gets created

[marinofelipe]

Description

At work we can't bump to the 11.* version of the firebase iOS SDK, the reason is that token custom claims are not there right after a user is created.

Until the latest 10.* version, v10.29.0, it all works fine, as below:

1. A user is created with the Firebase SDK
2. A call is made to our BE, which uses the Firebase Admin Java SDK 9.4.1 (latest release). Our BE then enriches the token with a custom claim to identify our user using our internal identifier
3. When the response is back, we do invalidate the token and start using a refreshed token for any upcoming BE call
4. Calls to authenticated endpoints that check for our custom claim work fine

After bumping to any 11.* version of the SDK, here's what happens:

1. Same as above
2. Same as above
3. When the response is back, after the token is invalidated, the refreshed token doesn't contain the custom claim
4. Subsequent calls to authenticated endpoints fail due to the missing claim
5. The app then signs out the user
6. The claim then appears after the sign out is performed

It looks somewhat similar to what was reported in https://github.com/firebase/firebase-ios-sdk/issues/13830, although that one is for the Firestore API.

I also tried things like

• Added an "async hop" right after the user is created and the token is enriched to verify if there was some sort of race condition, but it doesn't change anything 👎
• Re-authenticate the user right after it gets created, also no change

We verified our whole Auth and BE stack, and found no issues whatsoever, which makes sense, the issue is only there when the iOS SDK gets bumped from 10. to 11.

Such issue is blocking us from updating firebase-sdk and all of its "sibling sdks", like Google Sign In and Google Tag Manager, which we need for important business cases.

I appreciate the support, let me know if any other information is needed.

Reproducing the issue

• Use Firebase iOS SDK v 11.*
• Use Xcode 16 and iOS 18
• Have custom token claims that are required by BE authentication
• Create a new user, enrich the token with such custom claim right after using the Firebase Admin SDK
• Then try to get/refresh the token on the iOS client
• The custom claim should not be there

Firebase SDK Version

11.*

Xcode Version

16.*

Installation Method

Swift Package Manager

Firebase Product(s)

Authentication

Targeted Platforms

iOS

Relevant Log Output

11.4.0 - [FirebaseInstallations][I-FIS002001] -[FIRInstallationsIDController installationWithValidAuthTokenForcingRefresh:0], appName: __FIRAPP_DEFAULT
11.4.0 - [FirebaseAuth][I-AUT000017] Has valid access token. Estimated expiration date:2024-11-04 23:36:33 +0000, current date: 2024-11-04 22:36:33 +0000
11.4.0 - [FirebaseInstallations][I-FIS002001] -[FIRInstallationsIDController installationWithValidAuthTokenForcingRefresh:0], appName: __FIRAPP_DEFAULT
11.4.0 - [FirebaseAuth][I-AUT000017] Has valid access token. Estimated expiration date:2024-11-04 23:36:33 +0000, current date: 2024-11-04 22:36:33 +0000
11.4.0 - [FirebaseAuth][I-AUT000017] Actual token expiration date: Optional(2024-11-04 23:36:33 +0000),current date: 2024-11-04 22:36:33 +0000
11.4.0 - [FirebaseAuth][I-AUT000017] Has valid access token. Estimated expiration date:2024-11-04 23:36:33 +0000, current date: 2024-11-04 22:36:33 +0000
11.4.0 - [FirebaseAuth][I-AUT000017] Actual token expiration date: Optional(2024-11-04 23:36:33 +0000),current date: 2024-11-04 22:36:33 +0000
[2024-11-04 11:36:33539] - FirebaseLoginAPI.swift:performLogin(request:completion:):366 - [INFO]-[Auth container]-[networking]: Network request started: POST(<redacted>/customers/login)
11.4.0 - [FirebaseInstallations][I-FIS002001] -[FIRInstallationsIDController installationWithValidAuthTokenForcingRefresh:0], appName: __FIRAPP_DEFAULT
11.4.0 - [FirebaseAuth][I-AUT000017] Fetching new token from backend.
11.4.0 - [FirebaseAuth][I-AUT000017] Has valid access token. Estimated expiration date:2024-11-04 23:36:33 +0000, current date: 2024-11-04 22:36:34 +0000
11.4.0 - [FirebaseAuth][I-AUT000017] Actual token expiration date: Optional(2024-11-04 23:36:33 +0000),current date: 2024-11-04 22:36:34 +0000
11.4.0 - [FirebaseAuth][I-AUT000017] Has valid access token. Estimated expiration date:2024-11-04 23:36:33 +0000, current date: 2024-11-04 22:36:34 +0000
11.4.0 - [FirebaseAuth][I-AUT000017] Actual token expiration date: Optional(2024-11-04 23:36:33 +0000),current date: 2024-11-04 22:36:34 +0000
11.4.0 - [FirebaseAuth][I-AUT000017] Has valid access token. Estimated expiration date:2024-11-04 23:36:33 +0000, current date: 2024-11-04 22:36:34 +0000
11.4.0 - [FirebaseAuth][I-AUT000017] Has valid access token. Estimated expiration date:2024-11-04 23:36:33 +0000, current date: 2024-11-04 22:36:34 +0000
11.4.0 - [FirebaseAuth][I-AUT000017] Actual token expiration date: Optional(2024-11-04 23:36:33 +0000),current date: 2024-11-04 22:36:34 +0000
11.4.0 - [FirebaseAuth][I-AUT000017] Actual token expiration date: Optional(2024-11-04 23:36:33 +0000),current date: 2024-11-04 22:36:34 +0000
11.4.0 - [FirebaseAuth][I-AUT000017] Has valid access token. Estimated expiration date:2024-11-04 23:36:33 +0000, current date: 2024-11-04 22:36:34 +0000
11.4.0 - [FirebaseAuth][I-AUT000017] Has valid access token. Estimated expiration date:2024-11-04 23:36:33 +0000, current date: 2024-11-04 22:36:34 +0000
11.4.0 - [FirebaseAuth][I-AUT000017] Has valid access token. Estimated expiration date:2024-11-04 23:36:33 +0000, current date: 2024-11-04 22:36:34 +0000
11.4.0 - [FirebaseAuth][I-AUT000017] Actual token expiration date: Optional(2024-11-04 23:36:33 +0000),current date: 2024-11-04 22:36:34 +0000
11.4.0 - [FirebaseAuth][I-AUT000017] Actual token expiration date: Optional(2024-11-04 23:36:33 +0000),current date: 2024-11-04 22:36:34 +0000
11.4.0 - [FirebaseAuth][I-AUT000017] Actual token expiration date: Optional(2024-11-04 23:36:33 +0000),current date: 2024-11-04 22:36:34 +0000
11.4.0 - [FirebaseInstallations][I-FIS002001] -[FIRInstallationsIDController installationWithValidAuthTokenForcingRefresh:0], appName: __FIRAPP_DEFAULT
11.4.0 - [FirebaseInstallations][I-FIS002001] -[FIRInstallationsIDController installationWithValidAuthTokenForcingRefresh:0], appName: __FIRAPP_DEFAULT
11.4.0 - [FirebaseInstallations][I-FIS002001] -[FIRInstallationsIDController installationWithValidAuthTokenForcingRefresh:0], appName: __FIRAPP_DEFAULT
11.4.0 - [FirebaseAuth][I-AUT000017] Has valid access token. Estimated expiration date:2024-11-04 23:36:33 +0000, current date: 2024-11-04 22:36:34 +0000
11.4.0 - [FirebaseAuth][I-AUT000017] Actual token expiration date: Optional(2024-11-04 23:36:33 +0000),current date: 2024-11-04 22:36:34 +0000
11.4.0 - [FirebaseAuth][I-AUT000017] Has valid access token. Estimated expiration date:2024-11-04 23:36:33 +0000, current date: 2024-11-04 22:36:34 +0000
11.4.0 - [FirebaseAuth][I-AUT000017] Actual token expiration date: Optional(2024-11-04 23:36:33 +0000),current date: 2024-11-04 22:36:34 +0000
11.4.0 - [FirebaseAuth][I-AUT000017] Has valid access token. Estimated expiration date:2024-11-04 23:36:33 +0000, current date: 2024-11-04 22:36:34 +0000
11.4.0 - [FirebaseAuth][I-AUT000017] Actual token expiration date: Optional(2024-11-04 23:36:33 +0000),current date: 2024-11-04 22:36:34 +0000
[2024-11-04 11:36:34598] - FirebaseLoginAPI.swift:signOut(completion:):253 - [INFO]-[Auth container]-[networking]: Network request started: POST(<redacted>/customers/logout)
11.4.0 - [FirebaseInstallations][I-FIS002001] -[FIRInstallationsIDController installationWithValidAuthTokenForcingRefresh:0], appName: __FIRAPP_DEFAULT

If using Swift Package Manager, the project's Package.resolved

Expand Podfile.lock snippet

```yml { "pins" : [ { "identity" : "abseil-cpp-binary", "kind" : "remoteSourceControl", "location" : "https://github.com/google/abseil-cpp-binary.git", "state" : { "revision" : "194a6706acbd25e4ef639bcaddea16e8758a3e27", "version" : "1.2024011602.0" } }, { "identity" : "adyen-3ds2-ios", "kind" : "remoteSourceControl", "location" : "https://github.com/Adyen/adyen-3ds2-ios", "state" : { "revision" : "0de394345ca9d88748532ed91d99399afb85b8ed", "version" : "2.4.2" } }, { "identity" : "adyen-ios", "kind" : "remoteSourceControl", "location" : "https://github.com/getyourguide/adyen-ios", "state" : { "revision" : "513127995b27e26f9403fa301b81692f08a0ce51" } }, { "identity" : "adyen-networking-ios", "kind" : "remoteSourceControl", "location" : "https://github.com/Adyen/adyen-networking-ios", "state" : { "revision" : "9b10df842e774f5c99a2d76b1d950ec4d5d80898", "version" : "1.0.0" } }, { "identity" : "adyen-wechatpay-ios", "kind" : "remoteSourceControl", "location" : "https://github.com/Adyen/adyen-wechatpay-ios", "state" : { "revision" : "aee9b422f02d3ff75533a3338db45f2f9b9010b0", "version" : "2.1.0" } }, { "identity" : "app-check", "kind" : "remoteSourceControl", "location" : "https://github.com/google/app-check.git", "state" : { "revision" : "21fe1af9be463a359aaf8d96789ef73fc3760d09", "version" : "11.0.1" } }, { "identity" : "appauth-ios", "kind" : "remoteSourceControl", "location" : "https://github.com/openid/AppAuth-iOS.git", "state" : { "revision" : "c89ed571ae140f8eb1142735e6e23d7bb8c34cb2", "version" : "1.7.5" } }, { "identity" : "braze-swift-sdk", "kind" : "remoteSourceControl", "location" : "https://github.com/braze-inc/braze-swift-sdk", "state" : { "revision" : "5bf78ca1f37c4824bb37ee8dd66ed1b17b8a45ff", "version" : "9.3.0" } }, { "identity" : "collectionconcurrencykit", "kind" : "remoteSourceControl", "location" : "git@github.com:JohnSundell/CollectionConcurrencyKit.git", "state" : { "revision" : "b4f23e24b5a1bff301efc5e70871083ca029ff95", "version" : "0.2.0" } }, { "identity" : "combine-schedulers", "kind" : "remoteSourceControl", "location" : "https://github.com/pointfreeco/combine-schedulers", "state" : { "revision" : "9fa31f4403da54855f1e2aeaeff478f4f0e40b13", "version" : "1.0.2" } }, { "identity" : "differ", "kind" : "remoteSourceControl", "location" : "https://github.com/tonyarnold/Differ", "state" : { "revision" : "5520fda947f1f9777a806389c2ba587219bc0538", "version" : "1.4.6" } }, { "identity" : "difference", "kind" : "remoteSourceControl", "location" : "https://github.com/krzysztofzablocki/Difference", "state" : { "revision" : "f627d00718033c3d7888acd5f4e3524a843db1cf", "version" : "1.0.2" } }, { "identity" : "facebook-ios-sdk", "kind" : "remoteSourceControl", "location" : "https://github.com/facebook/facebook-ios-sdk", "state" : { "revision" : "9b89497b97ef043991862c9a8c5bb7fffaf31988", "version" : "17.0.1" } }, { "identity" : "firebase-ios-sdk", "kind" : "remoteSourceControl", "location" : "https://github.com/firebase/firebase-ios-sdk", "state" : { "revision" : "8328630971a8fdd8072b36bb22bef732eb15e1f0", "version" : "11.4.0" } }, { "identity" : "flagskit", "kind" : "remoteSourceControl", "location" : "https://github.com/pichukov/FlagsKit", "state" : { "revision" : "fc98238228d15285eb1b89ec3c5c96c83170101d", "version" : "1.0.0" } }, { "identity" : "google-tag-manager-ios-sdk", "kind" : "remoteSourceControl", "location" : "https://github.com/googleanalytics/google-tag-manager-ios-sdk", "state" : { "revision" : "484de314452681ad059200bcda01253ee930b0bb", "version" : "8.0.0" } }, { "identity" : "googleappmeasurement", "kind" : "remoteSourceControl", "location" : "https://github.com/google/GoogleAppMeasurement.git", "state" : { "revision" : "4f234bcbdae841d7015258fbbf8e7743a39b8200", "version" : "11.4.0" } }, { "identity" : "googledatatransport", "kind" : "remoteSourceControl", "location" : "https://github.com/google/GoogleDataTransport.git", "state" : { "revision" : "617af071af9aa1d6a091d59a202910ac482128f9", "version" : "10.1.0" } }, { "identity" : "googlesignin-ios", "kind" : "remoteSourceControl", "location" : "https://github.com/google/GoogleSignIn-iOS", "state" : { "revision" : "65fb3f1aa6ffbfdc79c4e22178a55cd91561f5e9", "version" : "8.0.0" } }, { "identity" : "googleutilities", "kind" : "remoteSourceControl", "location" : "https://github.com/google/GoogleUtilities.git", "state" : { "revision" : "53156c7ec267db846e6b64c9f4c4e31ba4cf75eb", "version" : "8.0.2" } }, { "identity" : "grpc-binary", "kind" : "remoteSourceControl", "location" : "https://github.com/google/grpc-binary.git", "state" : { "revision" : "f56d8fc3162de9a498377c7b6cea43431f4f5083", "version" : "1.65.1" } }, { "identity" : "gtm-session-fetcher", "kind" : "remoteSourceControl", "location" : "https://github.com/google/gtm-session-fetcher.git", "state" : { "revision" : "a2ab612cb980066ee56d90d60d8462992c07f24b", "version" : "3.5.0" } }, { "identity" : "gtmappauth", "kind" : "remoteSourceControl", "location" : "https://github.com/google/GTMAppAuth.git", "state" : { "revision" : "5d7d66f647400952b1758b230e019b07c0b4b22a", "version" : "4.1.1" } }, { "identity" : "interop-ios-for-google-sdks", "kind" : "remoteSourceControl", "location" : "https://github.com/google/interop-ios-for-google-sdks.git", "state" : { "revision" : "2d12673670417654f08f5f90fdd62926dc3a2648", "version" : "100.0.0" } }, { "identity" : "ios_sdk", "kind" : "remoteSourceControl", "location" : "https://github.com/adjust/ios_sdk", "state" : { "revision" : "6ae03883c3b7d22e72e2a5937ad5dd8765d9c31d", "version" : "4.33.4" } }, { "identity" : "kif", "kind" : "remoteSourceControl", "location" : "https://github.com/kif-framework/KIF", "state" : { "revision" : "6c3ff27d9449eab614dae63e571596e4982a5205", "version" : "3.8.9" } }, { "identity" : "leveldb", "kind" : "remoteSourceControl", "location" : "https://github.com/firebase/leveldb.git", "state" : { "revision" : "43aaef65e0c665daadf848761d560e446d350d3d", "version" : "1.22.4" } }, { "identity" : "libwebp-xcode", "kind" : "remoteSourceControl", "location" : "https://github.com/SDWebImage/libwebp-Xcode", "state" : { "revision" : "4f52fc9b29600a03de6e05af16df0d694cb44301", "version" : "1.2.4" } }, { "identity" : "lottie-spm", "kind" : "remoteSourceControl", "location" : "https://github.com/airbnb/lottie-spm.git", "state" : { "revision" : "b842598f1295f3ffa1475b1580672d1fe5b83580", "version" : "4.5.0" } }, { "identity" : "nanopb", "kind" : "remoteSourceControl", "location" : "https://github.com/firebase/nanopb.git", "state" : { "revision" : "b7e1104502eca3a213b46303391ca4d3bc8ddec1", "version" : "2.30910.0" } }, { "identity" : "native-apps-shared", "kind" : "remoteSourceControl", "location" : "git@github.com:getyourguide/native-apps-shared.git", "state" : { "revision" : "73fd22c640640d383d4cdae8f256952968a2297b", "version" : "0.8.1729785495" } }, { "identity" : "networkimage", "kind" : "remoteSourceControl", "location" : "https://github.com/gonzalezreal/NetworkImage", "state" : { "revision" : "7aff8d1b31148d32c5933d75557d42f6323ee3d1", "version" : "6.0.0" } }, { "identity" : "nytphotoviewer", "kind" : "remoteSourceControl", "location" : "https://github.com/nytimes/NYTPhotoViewer", "state" : { "revision" : "0c0f45324c0dedba085e151bf91e713cf689aca2", "version" : "5.0.6" } }, { "identity" : "ohhttpstubs", "kind" : "remoteSourceControl", "location" : "https://github.com/AliSoftware/OHHTTPStubs", "state" : { "revision" : "12f19662426d0434d6c330c6974d53e2eb10ecd9", "version" : "9.1.0" } }, { "identity" : "otpublishersheadlesssdk", "kind" : "remoteSourceControl", "location" : "https://github.com/Zentrust/OTPublishersHeadlessSDK", "state" : { "revision" : "5e98011ee357050c2922593c877aa6c6228417cb", "version" : "202408.1.0" } }, { "identity" : "pincache", "kind" : "remoteSourceControl", "location" : "https://github.com/pinterest/PINCache.git", "state" : { "revision" : "875c654984fb52b47ca65ae70d24852b0003ccd9", "version" : "3.0.3" } }, { "identity" : "pinoperation", "kind" : "remoteSourceControl", "location" : "https://github.com/pinterest/PINOperation.git", "state" : { "revision" : "40504c156a68b20f98f7ddc73a115cbb7893be25", "version" : "1.2.2" } }, { "identity" : "pinremoteimage", "kind" : "remoteSourceControl", "location" : "https://github.com/pinterest/PINRemoteImage.git", "state" : { "revision" : "611d8ab1c6937bcdfd9d59a967716b0370a332be", "version" : "3.0.3" } }, { "identity" : "pow", "kind" : "remoteSourceControl", "location" : "https://github.com/EmergeTools/Pow.git", "state" : { "revision" : "f0d0f3e72d42beaf2b01f1cb798e1b55902814eb", "version" : "1.0.4" } }, { "identity" : "primer-sdk-3ds-ios", "kind" : "remoteSourceControl", "location" : "https://github.com/primer-io/primer-sdk-3ds-ios", "state" : { "revision" : "ac3be93adcc4d054eef7baf0f4d364cd3525dbf7", "version" : "2.3.2" } }, { "identity" : "primer-sdk-ios", "kind" : "remoteSourceControl", "location" : "https://github.com/primer-io/primer-sdk-ios.git", "state" : { "revision" : "4b066c2903e2454b90dba194623aff152505d7eb", "version" : "2.31.3" } }, { "identity" : "promises", "kind" : "remoteSourceControl", "location" : "https://github.com/google/promises.git", "state" : { "revision" : "540318ecedd63d883069ae7f1ed811a2df00b6ac", "version" : "2.4.0" } }, { "identity" : "pulsator", "kind" : "remoteSourceControl", "location" : "https://github.com/shu223/Pulsator", "state" : { "revision" : "144e160aa9ff75de5ab88a91d8a2767942d97836", "version" : "0.6.3" } }, { "identity" : "sdk_conversation_kit_ios", "kind" : "remoteSourceControl", "location" : "https://github.com/zendesk/sdk_conversation_kit_ios", "state" : { "revision" : "ec03ed5a4b6679c95611cfd6bd96d06c072be96c", "version" : "8.0.0" } }, { "identity" : "sdk_core_utilities_ios", "kind" : "remoteSourceControl", "location" : "https://github.com/zendesk/sdk_core_utilities_ios", "state" : { "revision" : "53fef7c1983571871b4bcd547335ab4034e40dc7", "version" : "3.0.0" } }, { "identity" : "sdk_faye_client_ios", "kind" : "remoteSourceControl", "location" : "https://github.com/zendesk/sdk_faye_client_ios", "state" : { "revision" : "864d2f3bd16e2a08dea050e5681ddab78df2d1ac", "version" : "1.9.0" } }, { "identity" : "sdk_guide_kit_ios", "kind" : "remoteSourceControl", "location" : "https://github.com/zendesk/sdk_guide_kit_ios", "state" : { "revision" : "f67f6d216d37f21f57502a8e4cd0b54331b9f5c8", "version" : "1.2.0" } }, { "identity" : "sdk_http_client_ios", "kind" : "remoteSourceControl", "location" : "https://github.com/zendesk/sdk_http_client_ios", "state" : { "revision" : "bf23ddf2d7b008b046a529f743103876b77eb0f0", "version" : "0.16.1" } }, { "identity" : "sdk_logger_ios", "kind" : "remoteSourceControl", "location" : "https://github.com/zendesk/sdk_logger_ios", "state" : { "revision" : "65b730075fc8043c2b4e3ccd4b1eb2be8c098455", "version" : "0.10.0" } }, { "identity" : "sdk_messaging_ios", "kind" : "remoteSourceControl", "location" : "https://github.com/zendesk/sdk_messaging_ios", "state" : { "revision" : "15469c2462ba254989c5311b1d66f7c69c4601ba", "version" : "2.26.0" } }, { "identity" : "sdk_socket_client_ios", "kind" : "remoteSourceControl", "location" : "https://github.com/zendesk/sdk_socket_client_ios", "state" : { "revision" : "10f125a3723db0b80c02d0652ca1d23bf85be74e", "version" : "1.8.0" } }, { "identity" : "sdk_storage_ios", "kind" : "remoteSourceControl", "location" : "https://github.com/zendesk/sdk_storage_ios", "state" : { "revision" : "cd2831bb0ffd36132b3977d670110be796c2d6e7", "version" : "1.1.0" } }, { "identity" : "sdk_ui_components_ios", "kind" : "remoteSourceControl", "location" : "https://github.com/zendesk/sdk_ui_components_ios", "state" : { "revision" : "b25d77e5c3c363297911fecedcf26de82d8fc794", "version" : "10.0.0" } }, { "identity" : "sdk_zendesk_ios", "kind" : "remoteSourceControl", "location" : "https://github.com/zendesk/sdk_zendesk_ios", "state" : { "revision" : "a455daa9512a71a771a41e31122874ff7c4405dc", "version" : "3.4.0" } }, { "identity" : "sdwebimage", "kind" : "remoteSourceControl", "location" : "https://github.com/SDWebImage/SDWebImage", "state" : { "revision" : "73b9397cfbd902f606572964055464903b1d84c6", "version" : "5.19.0" } }, { "identity" : "sdwebimagesvgcoder", "kind" : "remoteSourceControl", "location" : "https://github.com/SDWebImage/SDWebImageSVGCoder", "state" : { "revision" : "afbe025cbdae37c20c144956fbabc07ddd5c0fc2", "version" : "1.6.1" } }, { "identity" : "swift-case-paths", "kind" : "remoteSourceControl", "location" : "https://github.com/pointfreeco/swift-case-paths", "state" : { "revision" : "8d712376c99fc0267aa0e41fea732babe365270a", "version" : "1.3.3" } }, { "identity" : "swift-clocks", "kind" : "remoteSourceControl", "location" : "https://github.com/pointfreeco/swift-clocks", "state" : { "revision" : "b9b24b69e2adda099a1fa381cda1eeec272d5b53", "version" : "1.0.5" } }, { "identity" : "swift-collections", "kind" : "remoteSourceControl", "location" : "https://github.com/apple/swift-collections", "state" : { "revision" : "94cf62b3ba8d4bed62680a282d4c25f9c63c2efb", "version" : "1.1.0" } }, { "identity" : "swift-composable-architecture", "kind" : "remoteSourceControl", "location" : "https://github.com/pointfreeco/swift-composable-architecture.git", "state" : { "revision" : "433a23118f739078644ebeb4009e23d307af694a", "version" : "1.10.4" } }, { "identity" : "swift-concurrency-extras", "kind" : "remoteSourceControl", "location" : "https://github.com/pointfreeco/swift-concurrency-extras.git", "state" : { "revision" : "bb5059bde9022d69ac516803f4f227d8ac967f71", "version" : "1.1.0" } }, { "identity" : "swift-custom-dump", "kind" : "remoteSourceControl", "location" : "https://github.com/pointfreeco/swift-custom-dump", "state" : { "revision" : "f01efb26f3a192a0e88dcdb7c3c391ec2fc25d9c", "version" : "1.3.0" } }, { "identity" : "swift-dependencies", "kind" : "remoteSourceControl", "location" : "https://github.com/pointfreeco/swift-dependencies", "state" : { "revision" : "3ef38bb702a1a2f39c7e19fc0578403b8ee52b17", "version" : "1.3.9" } }, { "identity" : "swift-identified-collections", "kind" : "remoteSourceControl", "location" : "https://github.com/pointfreeco/swift-identified-collections", "state" : { "revision" : "d533cd18b0b456b106694a9899f917ee595f2666", "version" : "1.0.2" } }, { "identity" : "swift-macro-testing", "kind" : "remoteSourceControl", "location" : "https://github.com/pointfreeco/swift-macro-testing", "state" : { "revision" : "90e38eec4bf661ec0da1bbfd3ec507d0f0c05310", "version" : "0.3.0" } }, { "identity" : "swift-markdown-ui", "kind" : "remoteSourceControl", "location" : "https://github.com/gonzalezreal/swift-markdown-ui", "state" : { "revision" : "9a8119b37e09a770367eeb26e05267c75d854053", "version" : "2.3.1" } }, { "identity" : "swift-perception", "kind" : "remoteSourceControl", "location" : "https://github.com/pointfreeco/swift-perception", "state" : { "revision" : "9b77fbd07b9529312f7e9adb10f5131acd9e2363", "version" : "1.2.0" } }, { "identity" : "swift-protobuf", "kind" : "remoteSourceControl", "location" : "https://github.com/apple/swift-protobuf.git", "state" : { "revision" : "65e8f29b2d63c4e38e736b25c27b83e012159be8", "version" : "1.25.2" } }, { "identity" : "swift-snapshot-testing", "kind" : "remoteSourceControl", "location" : "https://github.com/pointfreeco/swift-snapshot-testing", "state" : { "revision" : "e7b77228b34057041374ebef00c0fd7739d71a2b", "version" : "1.15.3" } }, { "identity" : "swift-syntax", "kind" : "remoteSourceControl", "location" : "https://github.com/swiftlang/swift-syntax", "state" : { "revision" : "64889f0c732f210a935a0ad7cda38f77f876262d", "version" : "509.1.1" } }, { "identity" : "swiftclipper", "kind" : "remoteSourceControl", "location" : "https://github.com/lhuanyu/SwiftClipper", "state" : { "revision" : "0acd951af11ddf5ade98277f025de5cb0a0884c3" } }, { "identity" : "swifttrycatchspm", "kind" : "remoteSourceControl", "location" : "git@github.com:KimIlKyum/SwiftTryCatchSPM.git", "state" : { "revision" : "246bfce2caa550b88708b06b25b59b1a270f4c76", "version" : "1.0.0" } }, { "identity" : "swiftui-navigation", "kind" : "remoteSourceControl", "location" : "https://github.com/pointfreeco/swiftui-navigation", "state" : { "revision" : "7ab04c6e2e6a73d34d5a762970ef88bf0aedb084", "version" : "1.4.0" } }, { "identity" : "usercentrics-spm-sdk", "kind" : "remoteSourceControl", "location" : "https://bitbucket.org/usercentricscode/usercentrics-spm-sdk", "state" : { "revision" : "e45a85cd20168f9377cfbb11f758f2f7bac13d84", "version" : "2.17.3" } }, { "identity" : "usercentrics-spm-ui", "kind" : "remoteSourceControl", "location" : "https://bitbucket.org/usercentricscode/usercentrics-spm-ui", "state" : { "revision" : "bae0d3a844d54143f6cc514803cf56720675e80e", "version" : "2.17.3" } }, { "identity" : "xctest-dynamic-overlay", "kind" : "remoteSourceControl", "location" : "https://github.com/pointfreeco/xctest-dynamic-overlay", "state" : { "revision" : "27d767d643fa2cf083d0a73d74fa84cacb53e85c", "version" : "1.4.1" } }, { "identity" : "zxingify-objc", "kind" : "remoteSourceControl", "location" : "https://github.com/zxingify/zxingify-objc", "state" : { "revision" : "e75eeff2089d66fc94514b43db3678a8812a9bbe", "version" : "3.6.7" } } ], "version" : 2 } ```

If using CocoaPods, the project's Podfile.lock

Expand Podfile.lock snippet

```yml Replace this line with the contents of your Podfile.lock! ```

[google-oss-bot]

I couldn't figure out how to label this issue, so I've labeled it for a human to triage. Hang tight.

[paulb777]

@marinofelipe Thanks for the report. Which Firebase Auth APIs are you using? Do you know which API is behaving differently between 10.x and 11.x? Are you able to share a reproducible example?

[marinofelipe]

Hi @paulb777 , thanks for the quick reply.

We are using a couple of methods from the Auth API like the following

• createUser(withEmail:password:completion:)
• signIn(withEmail:password:completion:)
• signIn(with:completion:)
• and a few more

And mainly getIDTokenResult(forcingRefresh:completion:) from the FirebaseAuth.User API.

Our issues happen solely when creating a user and then enriching a user token with custom claims via the BE. That's what changes for us from 10.x to 11.x. Before as soon as the user is created and the BE enriches the token with claims, calling getIDTokenResult will return token with those claims, which doesn't happen anymore in 11.*, even if we add a "delay" to retrieve the token, the only thing that makes the claims appear is to sign out the user using the Auth API.

Are you able to share a reproducible example?

What would be the best format here @paulb777 , any suggestions/preferences?

Thank you

[paulb777]

@marinofelipe I did some code inspection today of getIDTokenResult and found one logic difference between 10.x and 11.x - fixed in #14067, but I'm not convinced that's causing the custom claims issue.

Ideally I would need an app that is debuggable to track the differences between the two versions - or alternatively you could take a step a debugging getIDTokenResult to see if you can see the difference - and let us know.

[marinofelipe]

Hi @paulb777 , thanks for looking into it and the quick update.

I've run initial tests on our side and it looks like the issue was addressed on 11.5.0, likely by your fix. I'll run our automated and manual tests a few more times to confirm, and then get back to you, 🤞 .

Ah, and sorry for the delay on the answer, I was out on vacation the last week.

[paulb777]

That's great. Thanks for letting us know. 😄

[marinofelipe]

Hi @paulb777 , false alarm, the issue is still present. I'm working on a minified/sample app to send you, and I will also try to debug the getIDTokenResult method to see if I spot anything.

[marinofelipe]

Hi @paulb777 , some updates from my side

• I found a work-around 🎉 , so we are not blocked by an SDK patch for now, which is great for us 🙌
  • It works when getIDTokenResult is called with forcingRefresh as true twice before the token gets used and sent to our backend. That was the way I found to consistently have the token with the latest custom claims added by the BE, so it make me think that there could be some small change on the refresh logic behavior
• I tried to debug it myself, but wasn't able to find where the issue lies. I noticed that Auth was completely rewritten in Swift, right? It was also not so easy for me to go deeper into it, but makes me think that there could be some change in behavior due to that big migration
• I have a sample app almost ready to send your way. But before, a general question on that?
  • Do you need our own firebase configuration file and backend communication, or can I leave a placeholder for you to fake it out? I would like to avoid sharing details and secrets about our app 😅

[paulb777]

Hi @marinofelipe, thanks for the update. It's good to hear you have a workaround.

Yes Auth was completely rewritten in Swift. The intent was to keep the public API behavior the same while doing so and we've re-reviewed and don't see differences. However, as you say, it's quite possible we missed something.

Understood about the concerns about sharing details. If you send the placeholder, would you also send a fake that still demonstrates the issue?

[marinofelipe]

Understood about the concerns about sharing details. If you send the placeholder, would you also send a fake that still demonstrates the issue?

@paulb777 , I'm not sure it's possible to fully demonstrate it, unless there's a way to enhance tokens with custom claims via the iOS SDK? Or is there any other way that doesn't require a backend/server that communicates with the Admin SDK, that you would recommend me?